In a coordinated announcement, Microsoft, Google, Apple, and Mozilla have stated that they will be retiring the TLS 1.0 and TLS 1.1 secure communication protocols beginning in 2020.
TLS (Transport Layer Security) is a protocol that can be used to encrypt communication between your web browser and a web site that is being visited. This protocol provides an encrypted channel that allows the data you submit and receive from secure web sites sites to be encrypted and inaccessible to 3rd parties who try to listen in your communications. While this type of communication channel is important for all privacy concerns, it is especially important when submitting private information such as a user names, password, personally identifiable information, and financial information.
For the past 20 years, web browsers have supported the original TLS 1.0 specification and then its TLS 1.1 successor, but browsers are increasingly no longer using them. Instead, browsers are using the more secure and optimized TLS 1.2 and TLS 1.3 specifications. These newer specifications not only include enhanced security, but also support new protocols such as the HTTP/2 network protocol, which can increase the speed of browsing web sites.
With over 94% of the sites surveyed by Qualys SSL Labs already supporting TSL 2.1, it was decided to retire a protocol that is 20 years old in favor of newer ones that are better supported and can better provide a more secure path moving forward.
Furthermore, Chrome, Safari, Edge, and Firefox statistics show that most users are no longer even using these protocols:
- Google is reporting that only 0.5% of HTTPS connections made by Chrome are using TLS 1.0 or TLS 1.1
- Apple is reporting that on their platforms less than 0.36% of HTTPS connections made by Safari are using TLS 1.0 or TLS 1.1.
- Microsoft is reporting that only 0.72% of secure connections made by Edge use TLS 1.0 or 1.1.
- Firefox has the largest amount of connections, using TLS 1.0 or 1.1 at 1.2%, but it is still a very small amount.
When it comes to retiring these protocols, each company has their own plan.
Google plans on deprecating TLS 1.0 and TLS 1.1 in Chrome 72, where developers will see deprecation warnings in the Developer Tools. These protocols will be disabled completely starting in Chrome 81.
Mozilla will disable support in Firefox for TLS 1.0 and TLS 1.1 in March 2020. Users of Beta, Developer, and Nightly builds of Firefox will see these changes sooner.
Microsoft stated that they will disable support for TLS 1.0 and 1.1 in Edge and Internet Explorer 11 in the first half of 202.
Finally, Apple has stated that they will remove support for these protocols in iOS and macOS beginning in March 2020.
How to check if you will be affected
For Windows users, you can easily check how you will be affected by the retirement of these protocols by disabling them now. Using the Windows Internet Options control panel, you can disable TLS 1.0 and 1.1 and see if it causes any problems with sites that you frequent.
To disable TLS 1.0 and 1.1 in Windows, please follow these steps:
- In the Start Menu search field, type Internet Options and click on the Internet Options Control Panel result when it is shown.
- When the Internet Properties screen opens, click on the Advanced tab.
- Now scroll down until you see the Use TLS 1.0 and Use TLS 1.1 options under the Security section. Then uncheck each of these options as shown below.
- Now press Apply and then OK to save the changes
You can now browse the Internet as normal using Edge or Internet Explorer to determine if these changes had any affect on the sites you visit. If they have, you may want to point them to this article so they are aware of what is going to happen in the future.
To read the original article: https://www.bleepingcomputer.com/news/security/tls-10-and-tls-11-being-retired-in-2020-by-all-major-browsers/